CLEAR CHOICE TEST: DATA LOSS PREVENTION

Perimeter-based DLP tools require fine tuning to effectively block ‘bad’ data from escaping the network. PAGE 24


Microsoft’s embrace of Linux seen as strategic

Linux alignment helps cloud, virtualization efforts

BY JOHN FONTANA


Black Hat to expose attacks

Conference briefings show how to compromise SSL, steal keyboard activity from power lines

BY TIM GREENE

THE BLACK HAT conference unfolds in Las Vegas this week with an agenda set to expose exploits as varied as tapping power outlets to capture keyboard signals and closing up holes in the use of the secure protocol that protects online bank transactions.

Other briefings will consider the use of lasers and analysis software to figure out what’s being typed on laptops and detecting what damage has been done via attacks that leave no trace on computer hard drives.

Black Hat USA 2009, considered a premier venue for publicizing new exploits with an eye toward neutralizing them, is expected to draw

See Black Hat, page 14


DESPITE MICROSOFT’S HISTORIC Linux kernel code submission last week, the fact shouldn’t be lost that the company on many levels still lives in a community of one much more so than a community at large.

Its virtualization device driver contribution and commitment to a GPLv2 license is evidence that Microsoft is finally coming to grips with Linux and the open source development model. Experts say Microsoft knows it must respect the open source community as more organizations move to mixed software environments.

But Microsoft’s Linux surprise also represents a shrewd, tactical move to position itself in high-stakes markets where it sees huge growth.

“This move is not so much about doing something specific to control the growth of Linux as much as it is to put Microsoft in a position that is strategically more important long term,” says Al Gillen, an analyst with IDC.

Those long-term goals, and mighty revenue opportunities, are focused on taking a dominant role in virtualization and cloud computing markets.

That’s the community-of-one talking.

“Why should Microsoft let a religious distaste for Linux get in the way of making a lot of money on Windows Server 2008 being the hypervisor under all those Linux servers,” says

See Microsoft, page 31


BURNING QUESTIONS? WIRELESS

1. Are mobile Web apps ever going to grow up?

2. How much longer are you going to hang onto that Ethernet cable?

3. Do you have any idea how much money you’re wasting on international wireless services?


CLEAR CHOICE TEST: DATA LOSS PREVENTION

Fidelis outscores three rivals

Perimeter-based DLP tools require fine tuning to effectively block ‘bad’ data from escaping the network, page 24


Seagate’s 


802.11n Wi-Fi standard enters homestretch

The IEEE 802.11n standard is likely to be approved in September, making the high-speed wireless LAN technology official after about seven years of wrangling and refinement. The 802.11 working group, which has developed all the major wireless LAN standards, has voted to send Draft 2.0 of the 11n standard on to the upper levels of the IEEE for final review and publication, according to a blog entry by Matthew Gast, chief strategist at Trapeze Networks and a member of the task group. There was only one dissenting vote, Gast wrote.


Slow going for desktop virtualization

Organizations are finding it hard to calculate the cost benefits of desktop virtualization and broad adoption is unlikely to happen for another year or two, VMware’s CEO says. Interest in the technology is high, and companies with a strong focus on security and regulatory compliance, such as financial services companies, are adopting it quickly, VMware CEO Paul Maritz said during the company’s quarterly conference call last week. But for other organizations the benefits aren’t so clear. “A lot of companies frankly don’t have a good handle on what the baseline is — they can’t tell you what it costs to provision a desktop today,” he says.


Tough week for Adobe

A vulnerability that Adobe has confirmed to exist in a number of its Reader, Flash Player and Acrobat products is being exploited through malicious Flash code in Web pages and via a malicious PDF file attack that can potentially crash Windows, Macintosh and Linux operating systems and, according to Adobe, “potentially allow an attacker to take control of the affected system.” Symantec, Purewire and other security vendors issued warnings throughout the week as new threats were discovered. Adobe is working on fixes, which it hopes to have made by the end of July.
PEERSAY


A business move for Microsoft

Re: Microsoft stuns Linux world, submits source code for kernel (http://tinyurl.com/kqaga7):

Of course they’re doing it because it’s to their benefit. IBM is involved in Linux because it’s to their benefit, and even core Linux companies like Novell and Red Hat focus their paid developers on projects that they believe will benefit the company.

The interesting thing here is why they think it’s to their benefit: their corporate clients are insisting that they acknowledge the multi-platform reality in today’s IT departments.

That’s a really big deal. Sure, Microsoft would love to have a higher penetration of the server OS market (and perhaps even wipe Linux off the map if they could), but they are now acknowledging that Linux is an important part of IT infrastructure that they have to live with, and thus a legitimate competitor.

Microsoft doesn’t automatically win every battle they enter — look at phones, game consoles, search. In markets they don’t own, they try to find a competitive advantage wherever they can (just like any other competitor), but they can’t just wish away their competition. Servers are now (officially) one of those markets.

Anon

They are a business, plain and simple, and it seems they are trying to be accepted by the open source community; making friends with them and trying to change some negative perceptions.

They’ve been at it for a while. This is one more move in that direction that benefits them and gives them a way to spin things such that it makes them look friendly.

perlhacker

Touchscreens and fast food don’t mix

Re: Windows now serves coke (http://tinyurl.com/lbq4ed):

Anyone who has ever worked in a restaurant can tell you that within a matter of days or weeks, all touch screens begin to fail. They just aren’t cut out for the fast pace, high humidity environment of a restaurant work station. Ever wonder why your food comes out wrong from a restaurant chain kitchen? It is probably because the server pressed the right areas on the screen, but the touch screen selected the wrong options.

Chuck P

Digital is in a world of its own

Re: Amazon fails to remember the physical (http://tinyurl.com/lvzk29):

Digital works do seem to be perceived on average as somewhat different than physical works. Amazon’s action is not the same as, but is a near analog to, the widely practiced theft of music and movies by free download. Appropriation of someone else’s digital property in both cases is somehow not treated the same way as it would be if it were physical.

Amazon clearly would never contemplate sending someone to a buyer’s house to confiscate the improperly sold books but that buyer would be equally unlikely to actually steal a CD from Best Buy.

The law will change as our social values change of course so we will all come to some acceptable solution. In the mean time though this is probably one of the better examples of how technology has outstripped social norms.

Anon

A case of IBM overlap

Re: IBM strikes OEM deal to resell Juniper Ethernet switches, routers (http://tinyurl.com/m984k6):

Trying to make sense of this. You say “Brocade for SAN and Juniper for route/switch”, but IBM is also in an OEM agreement to rebrand a Brocade router/switch portfolio in their SuperX, GS, and MLX series. These cover the campus backbone, wiring closet, and data center just as the Juniper products do. So now, there will be two families of overlapping products that have IBM labels on them, but will not have hardware or software in common. Makes perfect sense to me.

Anon
BLOGOSPHERE

■ Open Source vendors band together against Microsoft. Network World's Google Subnet reports that Google is one of more than 50 companies that have banded together to pressure the U.S. government to buy more open source software. The coalition calls itself Open Source for America and its motives are seen as specifically targeting government no-bid renewals of Microsoft products. For years, Microsoft had no significant competitors in the desktop operating system and Office markets (after it wiped out '80s icon products like WordPerfect and Lotus 123). The bummer of being a monopoly is that the government wants to micro-manage you. The upside is that the government was allowed to renew contracts without sending them out to bid. But open source companies ... with Red Hat as their cheerleader ... say no more. Microsoft may still be a monopoly because of the market share it controls, but that doesn't mean competitors don't exist and should be excluded from getting a piece of the billions that governments spend on software. http://tinyurl.com/mbmuks

■ How to make your e-mails "Vanish". Not that Network World Editor Bob Brown has anything to hide, but he decided to give the University of Washington’s new e-mail disappearing tool, dubbed Vanish, a whirl anyway. He couldn't quite get the downloaded version to work without timing out, but was able to get the gist with an alternate "modest scale" service version. But first, some background: Vanish is designed to give people control over how long their e-mail messages and other online content lives out in the wild. "If you care about privacy, the Internet today is a very scary place," said UW computer scientist Tadayoshi Kohno, in a statement. "If people understood the implications of where and how their e-mail is stored, they might be more careful or not use it as often." http://tinyurl.com/nntls9

■ Cell Phones and driving: The government cover-up. Network World blogger Craig Mathias has been saying it for a long time: cell phones and driving do not mix. The evidence grows daily. Some moron train operator in Boston decides to text his girlfriend while operating a passenger train, injures dozens of people, and causes $9 million in damage. So, while it's been obvious for some time that something needs to be done, even I was shocked to learn that the federal government has had proof of the relationship between cell phones and "accidents" for a very long time, but, obviously for political reasons, sat on this evidence. http://tinyurl.com/kpnqbs


ITVIDEO

Interviews, the Coolest Tools and More

IDG News Wire

Sharp’s solar-powered cell phone

An hour in the sun will provide six minutes of talk time and six hours of standby time. The phone has just gone on sale in Japan.
http://tinyurl.com/now7c3

IDG News Wire

MIT electric car may rival gas versions

By the third quarter of 2010, the MIT Electric Vehicle Team’s goal is to build an all-electric car with similar performance capabilities of gasoline-only counterparts.
http://tinyurl.com/naavm5

IDG News Wire

Qualcomm chip promises in-home HD video

Qualcomm demonstrated special technology that the company said can stream high-definition video from a central video server to any room in a house.
http://tinyurl.com/lry947

Best of NWW's NEWSLETTERS

Is Avaya the best buyer for Nortel’s enterprise business?

Avaya’s bid for Nortel’s enterprise business is now public record, again raising questions about what’s in the best interest of the companies and customers. Avaya has been rumored to be a buyer since last month, and the rumored price at the time was $500 million, not too far from the $475 million announced this week. Granted, this figure may rise. The details of the arrangement are that Nortel could still entertain better offers from other companies, and the price is low enough that other bidders may pop up. The deal would strike a blow against any ideas of resurrecting the Bay Networks brand (“ABaya”?), though the idea was suggested late last month. It would also make it difficult for the enterprise network gear that had its genesis in Bay Networks to stand apart from the overarching message of unified communications that either Nortel or Avaya would put forth.

But Tim Greene pointed out that what Avaya is really looking for is customers, and making the purchase would presumably be a shortcut to getting those customers. Collateral damage in all of this could be Extreme Networks’ longstanding marketing relationship with Avaya. Extreme provided the data networking complement to Avaya’s voice communications expertise, a mission that would be filled by the current Nortel enterprise division. While the outcome may not be ideal, the time for looking for ideal scenarios is past.

http://tinyurl.com/l4tzp4

Cloud security: Novell is trying to secure cloud services with technology that maps corporate security policies to service providers’ clouds so applications and databases get the same protection as in corporate-owned facilities. Novell Cloud Security Service is in private beta and is scheduled to be commercially available this fall, the company says, and a proof of concept of the technology will be demonstrated at the Burton Group’s Catalyst conference this week. Providers that buy into the cloud security service can offer services that enforce their customer’s security standards within the providers’ cloud, Novell says. In the Novell scheme, corporate security policies are captured from enterprise directories and identity stores via an Enterprise Connector. That is transferred to the provider network via a Cloud Bridge, and an Identity Connector in the cloud maps the corporate policies to the public infrastructure for enforcement. http://tinyurl.com/lep2ta
CASE STUDY

UC on Cruise Control

Functionality of unified communications increases satisfaction for premier tour company

Bill Dziura, Executive Vice President of IT

COLLETTE VACATIONS

Having worked for 17 years at Collette Vacations at the company's headquarters in Pawtucket, Rhode Island, Bill Dziura oversees technology systems, security and infrastructure.

Top-notch communications keeps this 91-year-old tour company current.

Here, Bill Dziura explains what Collette has achieved in evolving its technology so that its communications systems are always updated, not outdated.

What is Collette's greatest communications challenge?

We are a global company with salespeople working from their homes all over the U.S., Canada and the U.K., and we have employees running tours around the world. So our biggest challenge is just keeping in touch and being able to find people when we need them. Communicating with our employees is quite complicated to manage while keeping pace with the daily barrage of voicemail and email messages. In addition, it is our goal to have our contact center handle customer questions with one call.

Why did you invest in the Avaya unified communications solution?

The short answer is that the Avaya solution addresses all the challenges I mentioned. When we put the system in, we weren’t really looking for cost savings. We had a 20-year-old system and we were simply behind the curve in terms of functionality. So we went with full Internet Protocol, integrated it with Microsoft and took advantage of Avaya’s unified communications functionality. It has definitely been the catalyst for much more effective communications.

What UC capabilities have been leveraged most successfully?

We use a number of key features in our business. For example, Modular Messaging enables us to consolidate management of voicemail and email into one mailbox, so we can listen to emails and reply to voice messages with email. Those messages can even be accessed on our PDAs. We use the “find me” feature extensively; our business cards have only one number—customers dial it to connect with us in the office, on our cell or at home. We also take advantage of click-to-IM, click-to-call and click-to-Microsoft Live Meeting, while leveraging presence to see who’s available. Additionally, the management team uses the system to monitor employees—listening in on calls to see how questions are handled and to evaluate sales techniques, and using IM to assist with those calls. And in the contact center, our unique routing protocols ensure that customer calls are always answered.

How has the solution affected users?

The solution was adopted immediately with great satisfaction. The ability to see if someone’s on the phone and then simply click to call makes it easier for our employees to communicate. We get messages in one place, which saves time. And we support softphone capabilities as well as Windows Mobile products, so employees can use whatever device they want, wherever they want—making them very happy. All that has contributed to our ranking as one of the top companies to work for in Rhode Island for the past three consecutive years.

Where are you experiencing the greatest return on your investment?

It’s hard to put numbers to it, but our greatest return comes from improved communications, customer service and productivity. From a sales perspective, we are better able to train and manage the team and monitor its productivity, which is very profitable. In terms of customer service, having one phone number for customers and always having those calls answered has improved service dramatically. And for the rest of the company, one inbox source for our messages is a big productivity gain. These advantages have more than compensated for our investment.

For more information go to: www.networkworld.com/community/uc


NETWORKWORLD.COM

Follow these links to more resources online

Microsoft revenue declines 17% in fiscal Q4

Microsoft’s revenue declined 17% and net income declined 29% year over year in its fiscal 2009 fourth quarter due to continued weakness in global sales of PCs and servers, the company reported. Revenue of $13.1 billion and earnings per share of 34 cents slightly missed analysts’ forecasts for the quarter that ended June 30; Thomson Reuters analysts were expecting revenue of $14.37 billion and earnings per share of 36 cents. Microsoft CFO Chris Liddell acknowledged that fourth-quarter results were disappointing, but said the company is in a good position to meet the economic challenges it expects to face in at least the first two quarters of its fiscal 2010. “In my mind we are a stronger company than we were a year ago,” he said. “However, the economy continues to be challenging and we need to lift our game to another level in 2010.” http://tinyurl.com/l6zbdx


VC deals for network companies climb slightly. Venture capital investments in network companies rebounded slightly in the second quarter, three months after funding levels reached an historic low, but venture experts said the industry is far from making a true comeback. U.S. venture capitalists invested $1.2 billion in networking companies in the second quarter of 2009, up from $982 million in the first quarter, according to the MoneyTree Report from PricewaterhouseCoopers and the National Venture Capital Association. But the increase to $1.2 billion is not statistically significant and does not indicate a return to form, says Tracy Lefteroff, a global managing partner of PricewaterhouseCoopers. “It’s just flat,” he said. “I wish I could tell you there was light at the end of the tunnel.” Workday, a software-as-a-service ERP vendor, landed the largest network deal of the quarter with $75 million in new funding, followed by flash storage vendor Fusion-io, which landed $47.5 million.
http://tinyurl.com/mkqz96

McAfee updates managed cloud security service. McAfee’s latest version of its managed security service includes new features that let companies scan their Web sites for vulnerabilities as well as check for compliance with financial data-handling standards. McAfee’s Total Protection Service 5.0 scans Web sites to see if they’ve been hacked and then can send reports to administrators as to what’s wrong. The vulnerability assessment service can also check to see if a particular Web site complies with the Payment Card Industry Data Security Standard, which is a set of rules supported by card companies such as MasterCard and Visa. McAfee has also integrated into the latest release technology that came from Secure Computing, which McAfee acquired for $465 million. That includes TrustedSource, which was Secure Computing’s intelligence system for collecting information on malware, e-mail and Web threats. It can judge the legitimacy of a Web site or e-mail message based on its reputation, or a set of characteristics that can be analyzed to determine what threat it poses.
http://tinyurl.com/lhltzr

MIT electric car may rival gas models on performance. Inside a plain-looking garage on the Massachusetts Institute of Technology’s campus, undergraduate Radu Gogoana and his team of fellow students are working on a project that could rival what major automobile manufacturers are doing. The team’s goal is to build an all-electric car with similar performance capabilities of gasoline-only counterparts, which includes a top speed of about 161 kph, a family sedan capacity, a range of about 320 kilometers and the ability to recharge in about 10 minutes. “Right now the thing that differentiates us is that we’re exploring rapid recharge,” Gogoana said, adding that many of today’s electric vehicles take between two to 12 hours to recharge. For this project, which is based on the body of a 2010 Mercury Milan Hybrid, the team plans to use lithium iron-phosphate cell batteries from A123Systems “because they have very low internal resistance and they’ve also been on the market for about three years,” Gogoana said.

http://tinyurl.com/kwmfko

IBM to resell Juniper’s Ethernet switches, routers. Juniper and IBM, as expected, have entered into an OEM arrangement under which IBM will resell Juniper Ethernet switches and routers to data center customers. The deal reflects a broadening of the longstanding relationship between Juniper and IBM. In 2007, IBM’s Global Technology Services group agreed to resell Juniper’s product portfolio, including routing, switching and security platforms. For the past year, IBM and Juniper have been working together on the Stratus Project, Juniper’s initiative to create a single data center fabric for converged and virtualized data center environments. The companies are also jointly researching cloud computing security models to determine how customers might mitigate attacks on corporate data and computer systems. http://tinyurl.com/n989os

Oracle buys data-integration specialist. Oracle announced plans to buy GoldenGate Software, a maker of data-integration tools, for an undisclosed sum. The acquisition is expected to close later this year. GoldenGate’s technology “offers advanced change data capture capabilities that allow ongoing real-time pulls from the database log files of production environments — meaning that the performance of these production environments won’t be impacted from the ongoing queries into their database,” Forrester Research analyst Rob Karel said. “This is a critical requirement to enable high-volume data extraction to support real-time data warehousing and BI, as well as master data management.”
http://tinyurl.com/ngngym

Outsourcers struggle as recession wears on. Outsourcers aren’t seeing the gains industry watchers expected during the economic downturn, according to the TPI Index, which shows fewer deals for less value were signed in the first half of 2009 than last year. Despite the proposed cost-saving benefits of outsourcing, this year’s recession continues to chip away at the growth IT service providers experienced in 2007. “Compared to the first six months of 2008, which saw record levels of sourcing activity, the market in the first half of 2009 awarded 11% fewer contracts with 22% lower [total contract value] and 28% lower [annual contract value],” TPI reported. In addition, the sourcing advisory firm, which tracks commercial outsourcing contracts valued at $25 million or more, found that the total number of contracts awarded in the second quarter fell 7.5% from the first quarter to 135.
http://tinyurl.com/leodm7
■ Black Hat, from page 1

thousands to hear presentations from academics, vendors and private crackers.

For instance, one talk will demonstrate that if attackers can plug into an electrical socket near a computer or draw a bead on it with a laser, they can steal whatever is being typed in. How to execute this attack will be demonstrated by Andrea Barisani and Daniele Bianco, a pair of researchers for network security consultancy Inverse Path.

Attackers grab keyboard signals that are generated by hitting keys. Because the data wire within the keyboard cable is unshielded, the signals leak into the ground wire in the cable, and from there into the ground wire of the electrical system feeding the computer. Bit streams generated by the keyboards that indicate what keys have been struck create voltage fluctuations in the grounds, they say.

Attackers extend the ground of a nearby power socket and attach to it two probes separated by a resistor. The voltage difference and the fluctuations in that difference — the keyboard signals — are captured from both ends of the resistor and converted to letters.

This method would not work if the computer were unplugged from the wall, such as a laptop running on its battery. A second attack can prove effective in this case, according to Bianco’s and Barisani’s paper.

Attackers point an inexpensive laser at a shiny part of a laptop or even an object on the table with the laptop. A receiver is aligned to capture the reflected light beam and the modulations that are caused by the vibrations resulting from striking the keys.

Analyzing the sequences of individual keys that are struck and the spacing between words, the attacker can figure out what message has been typed. Knowing what language is being typed is a big help, they say.

Another presentation will show how confidential online connections such as banking transactions made from public wireless hotspots remain vulnerable to attacks despite improved security that was supposed to fix the problem.

The vulnerability means that attackers can lurk in the middle of what victims think are secure SSL sessions with banks, retailers and other secure Web sites, picking off passwords and other information that can be used later to steal account funds or compromise confidential business data, say Mike Zusman, a consultant with Intrepidus, and Alexander Sotirov, an independent researcher.

An improved method of qualifying businesses for SSL certificates — called extended validation (EV) SSL — turns the address bar in browsers green to assure users that the connection is being made using EV SSL certificates. It is supposed to indicate that users are connecting with a legitimate business, not an attacker. To do so, the entity obtaining the SSL certificate has undergone prescribed scrutiny and qualified for the certificate.

But a green bar may hide the fact that the browser is actually connecting using SSL certificates approved via the traditional, less secure version of certificate issuance called domain validation (DV), which has no guarantee that such validation criteria were met, Zusman says. Those DV connections can be compromised by attackers.

To take advantage of this weakness, hackers would set up laptops in a public Wi-Fi zone and use well-known methods for compromising the wireless access points such as ARP or DNS spoofing or hacking management platforms.

With control of the DNS for the access point, the attackers can establish their machines as men-in-the-middle, monitoring what victims logged into the access point are up to. They can let victims connect to EV SSL sites — turning the address bars green. Subsequently, they can redirect the connection to DV SSL sessions under certificates they have gotten illicitly, but the browser will still show the green bar.

Attackers could drop malware into victims’ browsers that would grab passwords later when they access sensitive sites from secure networks that the attackers have not cracked, he says.

Web sites can fix their end of the problem by adopting all EV SSL certs for all the elements of their sites, even those served by third parties. That would require creators of Web sites to find out whether all the elements of their pages use EV SSL certificates.
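
One way a site owner could run the inventory described above, as an added example that is not from the article or the researchers: it lists every subresource a page loads and flags any that is not served under an EV certificate, scripts and frames first. The page markup, host names and per-host policy OIDs are constructed samples; in practice the OIDs would be read from each host's certificatePolicies extension, and CAs of the article's era also used their own CA-specific EV policy OIDs.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# CA/Browser Forum certificate-policy OIDs (certificatePolicies extension).
EV_OID = "2.23.140.1.1"
DV_OID = "2.23.140.1.2.1"
OV_OID = "2.23.140.1.2.2"

# Tag -> attribute that makes the browser fetch a subresource.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src",
               "embed": "src", "object": "data", "link": "href"}
# Content that can run code or restyle the page, so it matters most.
ACTIVE_TAGS = {"script", "iframe", "embed", "object", "link"}


class SubresourceCollector(HTMLParser):
    """Collect (tag, absolute URL) for everything the page pulls in."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        if attr is None:
            return
        a = dict(attrs)
        # <link> only fetches page content when it is a stylesheet.
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower().split():
            return
        value = a.get(attr)
        if value:
            self.resources.append((tag, urljoin(self.base_url, value)))


def validation_level(policy_oids):
    """Map a certificate's policy OIDs to EV / OV / DV / unknown."""
    if EV_OID in policy_oids:
        return "EV"
    if OV_OID in policy_oids:
        return "OV"
    if DV_OID in policy_oids:
        return "DV"
    return "unknown"


def audit_page(base_url, html, cert_policies):
    """Return findings for every subresource not served under an EV cert.

    cert_policies maps host name -> set of policy OIDs from that host's
    certificate (supplied by the caller; constructed in the sample below).
    """
    collector = SubresourceCollector(base_url)
    collector.feed(html)
    findings = []
    for tag, url in collector.resources:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # data:, about: and similar never touch the network
        if parts.scheme == "http":
            level = "no-TLS"
        else:
            level = validation_level(cert_policies.get(parts.hostname, ()))
        if level != "EV":
            findings.append({"tag": tag, "url": url, "host": parts.hostname,
                             "level": level, "active": tag in ACTIVE_TAGS})
    # Active content first: it is what a weaker certificate exposes most.
    findings.sort(key=lambda f: (not f["active"], f["host"], f["url"]))
    return findings


# Constructed sample page and constructed certificate data.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="https://bank.example/login">
<script src="https://static.bank.example/js/login.js"></script>
<script src="https://cdn.analytics.example/t.js"></script>
</head><body>
<img src="http://images.bank.example/logo.png">
<iframe src="https://help.partner.example/chat"></iframe>
</body></html>
"""
SAMPLE_POLICIES = {
    "bank.example": {EV_OID},
    "static.bank.example": {EV_OID},
    "cdn.analytics.example": {DV_OID},
    "help.partner.example": {OV_OID},
}

if __name__ == "__main__":
    for f in audit_page("https://bank.example/login", SAMPLE_HTML, SAMPLE_POLICIES):
        kind = "active" if f["active"] else "passive"
        print(f'{f["level"]:7} {kind:7} <{f["tag"]}> {f["url"]}')
```
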

But makers of Web browsers would also have to adapt. Web browsers need to be able to detect and prevent the intermingling of DV SSL protected content with EV SSL protected content, Zusman says. They would also need to consider the type of certificate involved when they apply same-origin policy, which determines how to handle elements originating from the same site.

Meanwhile, researchers who work for Mandiant will present a tool for piecing together what malicious activity might have been carried out by an attacker’s payload that runs only in memory and evades traditional disk forensics.

In particular, the memory forensics tool being presented by Mandiant’s Peter Silberman and Steve Davis finds traces in memory of what activities might have been performed via Meterpreter, a software module for the open source Metasploit penetration testing framework.

Meterpreter can be injected into a legitimate process running on a victim’s computer and thereby avoid detection by host intrusion-detection/prevention system software. Meterpreter can then be used as a platform for further attack to log keystrokes, end processes, upload and download files and otherwise compromise the machine.

Using an adapted version of Mandiant’s commercial Memoryze memory-forensics software, the researchers say they can parse Virtual Address Descriptor files in Windows. The tool looks for the packet structure of the protocols Meterpreter uses to talk to its server. Based on these recovered fragments of communication, analysts can infer what attack occurred. For instance, evidence of dumped hashes might indicate that passwords were compromised, they say.

Because the data is volatile, the tool cannot recover 100% of Meterpreter’s activity, but it is a proof-of-concept that could possibly be refined, Silberman and Davis say. ■
Stealing keystrokes through electric lines

Relatively simple equipment can tap power lines to intercept what is being typed on nearby keyboards

1. Unshielded wires in keyboard cables leak keystroke signals into the cable ground.
2. The signals continue along the ground wire of the electrical service feeding the PC.
3. Measuring voltage shifts across an extension of the electric-system ground reveals what keys are being struck.

[Diagram label: Electric wiring]
BURNING QUESTIONS?

Wireless  networking’s  hurdles 

Wired  vs.  wireless;  international  calling  costs;  mobile  apps  challenge 


BY  JOHN  COX 


WIRELESS AND MOBILITY are fast-moving, fast-changing areas for enterprise IT. There are 1,001 problems, headaches, glitches and bugs all the time. But don’t lose sight of the Big Picture. Here’s our attempt to answer three of the most burning questions.

1. Are mobile Web apps ever going to grow up?

In just the past year, several trends have crystallized into a mobile Web platform that promises to transform mobile application development for the enterprise.

Today’s powerful mobile browsers, many based on the open source Webkit engine, are able to host a new breed of mobile Web applications, of which Google’s major revision of Gmail for mobile, released earlier this year, is a good example. These applications can be stored locally, along with user and other data, run inside the browser and even work without an Internet connection. Written in JavaScript, these applications can run up to five times faster than they could a year ago, due to a new generation of powerful JavaScript engines.

Caption: Google’s Gmail incorporates HTML 5 to aid in its browser functionality.

They offer a degree of interactivity and richness not possible before. And, at least in theory, such applications could run with any of the modern browsers that also support the latest relevant standards, such as HTML 5 and Cascading Style Sheets (CSS) 3.

“If you look at browser innovation over the last 12 months, there’s been an unprecedented acceleration,” says Matt Waddell, chief of staff for mobile and developer products at Google. One area of innovation is the growing adoption of parts of the still-emerging HTML 5 spec. “[HTML 5] represents a brand new set of browser functionality, to enable an entirely new set of Web applications,” Waddell says.

Google and Palm are making use of the same technologies in their new operating systems, respectively Chrome OS and webOS.

For enterprise IT, this transformation means faster, simpler development of mobile Web applications that mimic many of the characteristics of native applications, which are written for and compiled to a specific underlying operating system. The new Web applications, though using the same basic tools as Web widgets and browser extensions, are much more sophisticated and much simpler to create than traditional plug-ins written in C or C++.

The tools and skills needed for this new generation of mobile applications are those already in use by numerous Web developers. “If you’re going to write an app for a mobile platform in C or Java or Objective C, you have to get an SDK, and hire developers who know these platforms,” says Chris Blizzard, director of evangelism, developer relations, at Mozilla, the creator of the Firefox and now Firefox for Mobile (Fennec) Web browsers. “But if you’re developing for the Web, you can take advantage of a huge number of [publicly available] libraries that make Web development much easier. The communities around these are gigantic. And the Web is entirely [open]-source based: I can look inside and see how the application works. I can take advantage of that knowledge.”

But there are tradeoffs.

One is that the very openness lauded by Blizzard is a potential stumbling block if you need or want to protect some intellectual property.

Another is that mobile browsers pose the same kind of security challenges as desktop browsers. Still another is that performance differences with native applications persist. That can be a showstopper depending on what you need the application to do.

Also, browser applications typically can’t reach outside to access specific device features or underlying operating system services, though that is changing. “There is some ongoing work to standardize some interfaces, to access things like underlying network [services], address books, being able to make phone calls, and geolocation” data, Blizzard says.

Another issue is that Web standards are changing and support for them is inconsistent. Sophisticated mobile Web applications may run afoul of Web sites that don’t support HTML 5, for example. Likewise, you may end up frequently tuning an application to ensure cross-browser compatibility (though this is less of an issue if you mandate a standard mobile platform).

But even with these challenges, mobile developers are enthusiastic about the possibilities. “These emerging mobile browsers are on the cutting edge of the draft specifications for CSS3, HTML 5 and the latest JavaScript APIs,” says Ryan Seddon, senior front-end Web developer with DTDigital, a Melbourne, Australia, Web development firm, and an expert in CSS3. “Not only can we do more than what is possible on the desktop browsers (because we don’t have to support legacy browsers, which really hold back on innovation), but these standards are giving us the tools to access greater functionality and create a seamless experience that rivals that of native applications. And it’s only going to get better.”

2. How much longer are you going to hang onto that Ethernet cable?

As more enterprises deploy wall-to-wall Wi-Fi, they’re finding users voting with their network interface cards: given a choice, they go with wireless rather than wired access.

In pervasive wireless LANs, depending on the industry segment, ever-more IT departments are finding 50% to as much as 90% of edge switch ports sitting idle.

One well-known Northeast college is starting to evaluate 802.11n as an upgrade to its campuswide 802.11abg WLAN, based on Aruba Networks gear. Parts of the network are saturated with users and heavy traffic because, despite plenty of Ethernet ports, students use wireless almost exclusively. “We think 11n will reduce but not totally eliminate wired ports,” says the campus networking director, who requested anonymity.

Colleges and universities have been among the first to discover and tackle what is, for IT, an entirely novel development and an issue that touches a nerve whenever it’s raised.

“We haven’t been rushing around looking to pull out wired switches,” says Dan McCarriar, director of network and production services at Carnegie Mellon University in Pittsburgh. CMU has recently deployed a campus-wide 11n WLAN based on Aruba and Xirrus gear. “But as the existing wired infrastructure reaches end of life and we look towards replacement, we’re definitely going to be evaluating a scaled-back deployment of wired.”

The California State University system of 23 institutions did a port-by-port analysis of Ethernet use in preparing a rollout of Aruba 802.11abg (upgradable to 802.11n) WLANs on all campuses. Not a single campus had greater than 50% wired port use, and most had far less than that, says Michel Davidoff, CalState’s director of cyberinfrastructure services. He called the results “mind-boggling.” A careful analysis concluded that by reducing Ethernet ports to reflect actual usage, CalState could eliminate 2,500 switches, and save about $30 million over five years in capital costs, hardware staging and installation. And that didn’t include electricity and heating/cooling savings.

No one is saying that Ethernet cabling and edge switching infrastructure should be scrapped tomorrow. But plenty of IT professionals are starting to ask exactly what the real bandwidth requirements of their users and applications are, and how these change in peaks and troughs during a day or week.

For industries, companies and locations where mobility is a primary enabler of productivity, the answers to these questions can be used to make realistic assessments of when and where to rely on the WLAN — a well-designed, well-managed, secure WLAN — and cut the cord for most if not all clients.

3. Do you know how much money you’re wasting on international wireless services?

For a lot of companies, just a few users working or traveling overseas can rack up the bulk of cellular spending for voice and, increasingly, data.

And there are no simple or easy solutions to change that, says Phillip Redman, research vice president for network services and infrastructure at Gartner.

Cost for voice in the United States averages about 9 cents per minute, he says. Outside the United States, it jumps by at least a factor of 10, to $1 to $5 per minute. “Many users don’t know this,” he says. That’s because their bills go straight to corporate accounting.

Caption: The California State University system is looking at eliminating 2,500 switches and saving $30 million with a move to wireless technology.

Many users don’t realize they’re charged even if they don’t answer a call. Time zone differences might have you sleeping while others are calling you. If your phone is on, the calls go into voice mail, and result in billed minutes. If you’re overseas, and join a conference call, the bill for an hour can easily cost you $200. “After a week, bills can be $3,000 to $5,000 or more,” Redman says.

Cellular data services have “kind of snuck up on people,” Redman says. Cellular radios on cards and USB dongles make it deceptively easy to access and download large amounts of data and run up substantial charges. Ad hoc charges, without a plan, are especially costly, often running about $6 per megabyte, Redman says.

Carriers do offer separate overseas data plans, but often at $200 to $250 per month. Such plans are four to five times more expensive than domestic wireless data offerings, and typically carry a limit, such as 250MB a month. “You can easily exceed that in a few days,” Redman says. “I easily do 150 megs per day.”

“There are no great solutions for reducing costs, beyond reducing the number of users who travel, reducing the minutes used, and making users aware of the costs,” Redman wrote in “Best Practices for Managing Mobile Voice and Data,” a report issued in June.

Redman recommends an enterprise audit to lay bare the impact of international calling and roaming. You can use those numbers to make employees more aware of costs and change their cellular behavior: keep calls short; use lower-cost texting and e-mail as alternatives; and use a wireline desk phone at an overseas office when possible.

You can use the same numbers to negotiate with carriers, especially for particular countries where your employees do a lot of traveling. Redman says you can reap discounts of 30% to 40% in many cases.

There also are technology aids. For example, if you have a GSM phone, you can replace your domestic SIM card with one for Italy or Japan, making in effect a local call. That works for you making calls, Redman notes, but people calling you have to remember and use different phone numbers, one for each SIM. And if you plug in a French SIM, take the train to Spain and forget to change it, you’re racking up expensive roaming charges again. For the enterprise, there are costs and burdens in administering, coordinating, provisioning and training when using multiple SIMs for each traveler.

“VPN dialing” is a service offered by some carriers: it puts users in closed groups and calls between group members are at a negotiated rate, regardless of which mobile network they use, whether they’re traveling or calling outside their home country.

Laptop-based softphones and VoIP clients, and the use of Wi-Fi networks, either public hotspots or branch office WLANs, are also alternatives, though each has drawbacks.

For wireless data, Redman recommends prohibiting the use of cellular data overseas. Don’t use Wi-Fi services priced daily or hourly: costs mount quickly. Use smartphones for e-mail and texting. Check out what plans carriers offer for various data services for remote and traveling workers. One of the best options: services from “managed network service providers” such as iPass and Fiberlink. They offer a flat rate, unlimited international data use, and on-board client code helps secure the laptop or device, and enforce a range of enterprise policies.

Emerging solutions from vendors such as Agito Networks and DiVitas Networks will tie cellular/Wi-Fi smartphones into enterprise PBXs, shifting calls to Wi-Fi networks and making use of landlines for international calls. ■


The high cost of international wireless data services

Managed service providers can reduce your bill

Dial up
    As needed: $3-$6/minute
    Carrier service: Monthly recurring charge, plus $1-$5/minute
    Managed service provider: Unlimited U.S. and global; approx. $76/month

Wi-Fi (public, hotel)
    As needed: $20-$30/day
    Carrier service: $20/month, plus $.12-$.18/min
    Managed service provider: Included in above

3G cellular
    As needed: $4-$6/MB ($80-$100/day)
    Carrier service: $140-$230/month; 100-200 MB max.
    Managed service provider: $30-$60/month, unlimited

SOURCE: GARTNER
TECHUPDATE

An  inside  look  at  technologies  and  standards 


Hybrid  clouds  the  way  to  go 


BY  JOHN  ENGATES 


In these tough economic times it has become rather common to hear upper management ask questions such as, “I’ve read about that cloud computing thing. Why aren’t we using the cloud instead of buying so many servers?” But is the cloud ready? The answer is, as any good engineer would tell you, “it depends.”

The cloud is already recognized as a great alternative for Internet sites, hosted e-mail, scalable storage and on-demand computing needs. Those who have embraced the cloud for these purposes say it offers exactly the kind of computing they need, when they need it and at a reasonable price with no commitments. Projects are implemented faster and IT is better prepared for unpredictable traffic patterns, spikes or last minute “emergencies.” But while the benefits of cloud-based hosting are compelling, there is still resistance.

Resistance to the cloud comes primarily from two fronts: IT pros who are used to managing their own hardware, and business executives who fear the cloud as an unknown and insecure world where everybody’s data is intertwined with no boundaries or safeguards.

Both feel safer knowing their servers are controlled and under their own supervision. But the price for that security is substantial and the security of the cloud is already very good and only getting better. As the economy continues to falter, tighter budgets and fewer resources will lead many IT and business professionals to their first experience with cloud computing and/or more traditional managed hosting.

Start  with  a  hybrid 

But assuming your organization has overcome the initial resistance to embracing cloud computing, the question remains: Is the cloud really ready for everything?

The answer is probably not, but it is ready for everyone. The cloud certainly is ready for some portion of your applications and IT infrastructure needs. One important thing to remember about cloud computing is that it doesn’t have to be an all-or-nothing proposition. It can be a component of a larger IT infrastructure strategy that may include in-house data centers, co-location or managed hosting.

In fact, the hybrid combination of cloud plus traditional infrastructure is probably the best answer for most companies. A hybrid approach can provide you the cost savings, the scalable on-demand infrastructure and the security you need with very few tradeoffs.

Building a hybrid strategy requires some upfront planning. There are essentially three buckets of applications: those which could live completely within the cloud; those which require completely dedicated infrastructure; and those applications where a combination of the cloud and dedicated infrastructure would be ideal.

Start by taking an inventory of your applications portfolio and try to sort them into these three categories. And remember — it’s not all-or-nothing. A single application could potentially span both dedicated and cloud infrastructure.

The services that require a high degree of security or are very I/O or database intensive probably ought to stay on dedicated infrastructure. Applications that are public facing or scale up and down unpredictably are good candidates for the cloud. And then there’s everything in between. If you need a little help, here are some applications that might fall into the cloud and dedicated categories:

Applications that can be hosted in the cloud today:

■ Your company’s blog and support wiki.

■ Your Exchange or IMAP e-mail.

■ The landing page for marketing’s latest mega-promotion.

■ The brochure-ware Web sites for your company’s hundreds of products and brands.

■ The test/development servers that your developers seem to need more of every day.

■ Data storage for e-mail archives, backups, log retention.

■ A minimal remote disaster-recovery capability.

■ New applications that are still in development or ready for pilot.

Applications that probably need dedicated infrastructure:

■ The corporate ERP system.

■ Enterprise data warehouse.

■ Your credit card processing services.

■ Storage for the designs of the latest secret R&D project.

■ Applications that require specialized hardware or operating systems not available in the cloud.

The hybrid category is the most difficult to generalize so we’ll leave that up to you to figure. But note that this category probably offers the biggest payoff. There are dozens, possibly hundreds, of applications in every IT organization that will benefit from a cloud combined with traditional infrastructure.

How do you tap into the cloud to create these hybrid solutions? It can be difficult when the cloud is 2,000 miles away and you’re trying to solve the physics problem better known as the speed of light. If your cloud is at a distance, then a hybrid strategy is probably limited to applications that can utilize the cloud for batch processing of some sort. You might also make use of cloud storage for applications that are not sensitive to latency or for which you can cache data locally.

But there are even better hybrid options on the horizon and even some available today. Providers that offer cloud services and complement them with traditional infrastructure in the same data center can open up a much larger set of options than cloud-only providers. Imagine having the cloud connected to your physical servers via gigabit Ethernet rather than over the Internet. This type of hybrid approach offers the most flexibility possible and is emerging as a promising way to take advantage of computing as a service without the tradeoffs.

Adversity spawns innovation and even a willingness to try new things. If you’re making any changes in your infrastructure strategy, take a hard look at this type of hybrid cloud solution. It could save you a lot of capex dollars and let you continue to grow in this economy.

Most businesses are still much in favor of managing their data in a traditional manner. And no one is going to make a wholesale shift to cloud hosting overnight. But as the business climate changes, we can expect to see more business and IT professionals adapt, overcome and improvise with one foot in the cloud and the other on more solid and familiar ground. ■

Engates  is  CTO  of  Rackspace. 


This  vendor-written  tech  primer 
has  been  edited  by  Network  World 
to  eliminate  product  promotion, 
but  readers  should  note  it  will  likely 
favor  the  submitter’s  approach. 


GEARHEAD BY MARK GIBBS


Web  site  monitors  and  PowerPoint  timers 


IF  YOU’VE  BEEN  monitoring  your  online  sites 
using  a  third-party  service  you’ll  be  more  than 
slightly  aware  how  expensive  this  can  be.  While 
there  might  have  been  some  rationale  to  these  high  prices  in  the  early  days 
of  Web  monitoring,  with  the  plummeting  costs  for  hosting  and  bandwidth, 
today  you’d  expect  these  services  to  be  cheap,  er,  more  cost-effective. 

I  recently  found  a  new  service  called  BinaryCanary  (a  clever  but  really 
geeky  name)  that  monitors  any  of  12  protocols  (including  HTTP,  FTP,  DNS 
and  IMAP)  and  is  reasonably  priced. 

BinaryCanary monitors your sites from three locations (Seattle,
Washington, D.C. and London) and crosschecks between locations before raising
an alert to prevent false positives. BinaryCanary can also check for domain
name expiration and can monitor for unauthorized page changes (in case
hackers deface your content).

The  total  number  of  “monitors”  you  use  is  calculated  by  the  number  of 
monitoring  locations  you  select  for  each  of  the  servers  —  so  if  you  have  all 
three  BinaryCanary  locations  monitoring  server  A  and  the  same  for  server 
B,  then  you  are  using  a  total  of  six  monitors. 

As  the  company  points  out,  commercial  monitoring  of  a  Web  site  once 
per  minute  for  less  than  16  cents  per  day  doesn’t  exist.  On  the  other  hand, 
BinaryCanary’s  starter  service  offers  10  one-minute  monitors  along  with 
20  SMS  alerts  for  $5  per  month!  The  company  also  offers  a  free  service  that 
allows  each  user  five  monitors  with  a  15-minute  check  rate  for  life. 

BinaryCanary’s  Web  site  and  service  are  very  well  designed  and  easy  to 
use.  I’ll  give  BinaryCanary  a  rating  of  5  out  of  5.  There’s  nothing  to  dislike 
about  the  offering  and,  goodness  knows,  it  is  cheap,  er,  reasonable. 

On another track, this week I’m chairing the meeting of the Convergence
Technology Council in Calabasas, Calif. This should be an interesting
meeting as the topic is “Predictions for Webonomics & Advertising 3.0”.

Each  speaker  will  introduce  himself  with  a  single  “elevator  pitch”  slide. 
Our  elevator  is  apparently  in  a  really  tall  building  as  each  speaker  gets 
five  minutes  and,  unlike  most  human  vertical  ascension  systems,  it  has 
multimedia  capability. 

As  I  generated  the  introductory  slides  in  PowerPoint  I  thought  it  would 
be  cool  to  have  an  on-screen  timer  to  keep  ’em  honest  during  the  pitch,  so  I 
started  looking  for  one  and,  to  my  surprise,  found  very  little  of  use ...  until 
I  stumbled  onto  PPTAlchemy. 

While  this  site  has  some  great  tools  for  extending  PowerPoint,  what  I 
really  liked  was  what  I  was  after:  A  free  PowerPoint  Slide  Timer.  This  tool 
uses  a  cute  trick:  You  create  a  shape  with  some  formatted  text  in  it,  select 
it,  and  then  run  a  Visual  Basic  for  Applications  (VBA)  macro  that  the  site 
provides  and  tells  you  how  to  install. 

In the macro there are variables that specify the duration of the timer
and the size of the “step” and a simple edit will allow your timer to count
down instead of up. The macro loops around copying the shape, replacing
the text with the time for each step, and setting the shape’s animation
properties so that each shape appears in sequence. Voila! “Une timer
formidable” as the French might say.

The  obvious  problem  with  this  hack  is  that  these  timers  don’t  work  if  you 
change  slides.  You  can  use  them  on  the  master  slide  but  then  the  timer  will 
restart  on  each  slide  change.  Nevertheless,  a  neat  hack  worth  checking  out. 
I  wonder  if  you  know  of  anything  better ... .  ■ 

Gibbs  is  timely  in  Ventura,  Calif.  Synchronize  with  gearhead@gibbs.com. 


COOLTOOLS  BY  KEITH  SHAW 

Mobile  workers:  No  excuses  for  no  backup 


YOUR MOBILE WORKERS may not back up their
files as much as you’d like. Many in-office workers
can usually back up their data to a network
drive or a USB-attached device (like the very cool Seagate Replica). Portable
hard drives have been around for a while, but some recent ones include
very easy-to-use automatic backup features, giving mobile workers no
excuses for not backing up their systems. Here are two devices I like:

The  scoop:  BlackArmor  PS110,  by  Seagate,  about  $160  (for  500GB 
version) 

What it is: A portable hard drive, the BlackArmor PS110
offers 500GB of data capacity and connects quickly
and easily to a USB 2.0 port. On the device is Seagate’s
BlackArmor Backup Software, which includes options for
full-system or incremental automatic backup (you can also
schedule your own backup time), full system recovery (Bare
Metal Restore) and both file- and folder-level encryption.

Why it’s cool: The portability and ease of use
really make this an option for mobile workers who need
reliable backup while they’re away from the office (and any
in-house backup systems/options), and the encryption provides them with
the ability to protect their data in case the device gets lost or stolen. The
black design and solid casing make it scream that it’s for business workers
(no fancy pink here!).

Some caveats: When conducting a backup, I would have liked the ability
to see my progress and to know how much time was left.

Grade: (out of five).


The  scoop:  ClickFree  Traveler  (FL160),  by  Storage  Appliance,  about 
$80  (for  16GB). 

What  it  is:  About  the  size  of  a  credit  card,  this  ultrathin  hard  drive  is 
designed  for  mobile  workers  to  quickly  and  easily  back  up  their  notebooks. 
The  USB  port  slides  out  from  the  side  of  the  device  (no  additional  cables  to 
worry  about)  and  included  software  has  the  backup  features,  file  types  to 
save,  as  well  as  full-folder  backup. 

Why it’s cool: The ability to pick and choose file types (for
example, back up only photos or music) has its merits,
especially if you have those files scattered across different
directories. You may not want to do a complete notebook
backup, but just to protect your photos and/or music, so
that’s a nice option. The super-thin size makes it very
appealing to the mobile worker. A handy reminder application
can be installed on the user’s notebook, which pops up to give
gentle reminders to complete a backup.

Some caveats: The device’s thin size is a double-edged
sword. The USB cable is wafer thin, and could snap off with
heavy or rough use. While I understand the portability comes
with an extra price, $80 for 16GB seems high when you can buy
the BlackArmor for twice that and get 500GB instead of just 16GB.

Grade:  ★★★ 

Shaw  can  be  reached  at  kshaw@nww.com. 


Seagate’s Black Armor PS110 is portable and secure.
CLEAR CHOICE TEST: PERIMETER-BASED DATA LOSS PREVENTION


Fidelis  edges  Code  Green 

Perimeter  DLP  tools  require  fine  tuning  to  effectively  block  ‘bad’  data  from  escaping 


BY  NATE  EVANS  AND  BENJAMIN  BLAKELY 


Finding the right perimeter-based data loss prevention tool means
striking a balance between speed, accuracy at detecting and blocking
sensitive data from exiting the network, and adequate coverage
across a broad range of rule sets and protocols.

DLP products come in three categories: perimeter-based, client-based
and those that take a combined approach. In this test, we evaluated
perimeter-based appliances from Fidelis Security Systems, Palisade
Systems, Code Green Networks and GTB Technologies.

The DLPs were set up in-line (except for Code Green’s Content Inspector,
which doesn’t support in-line mode) between a simulated WAN and LAN
and were configured with a set of 10 rules. We then ran 1,100 files through
each device, waiting about a minute between each file, to determine how
accurately the device detected and blocked a total of 276 “bad” files and to
what degree network performance was affected by the in-line DLP.

Here  are  our  key  findings: 

• All of the products did an effective job detecting harmful files that were
sent over the specific protocols that the product supports. But not all
products support a wide range of protocols.

• Some of the products that did well at detecting
harmful files were less adept at blocking.

• None of the products were able to analyze or block encrypted traffic.

• There’s a network performance hit that needs to be taken
into account when running these products in-line.

Code Green’s Content Inspector scored highest when it came to detection.
Code Green also scored high on ease of configuration. But Code Green
was limited in the range of protocols it could block.

Our Clear Choice winner is Fidelis’ XPS because of its easy-to-use interface,
flexible rule set, amazing reporting and better-than-average detection
and blocking ability.

Palisade’s Packetsure and GTB’s Inspector were somewhat unrefined
by comparison, requiring more work to understand the rule structure and
adding unneeded complexity to the overall process. But they were still very
competitive when it came to detecting harmful files.


NETRESULTS

| Product | Vendor | Price | Pros | Cons | Score |
|---|---|---|---|---|---|
| Content Inspector | Code Green, www.codegreennetworks.com | $31,000 | Highest detection rate, flexible and easy interface for writing rules. | Does not support any blocking except SMTP (e-mail) unless an external proxy is used. | 3.4 |
| Fidelis XPS | Fidelis, www.fidelissecurity.com | $132,830 | Fast in-line device, useful management interfaces. | Some protocols aren't fully implemented; blocking occurs after data is detected so there is some leakage. | 3.9 |
| GTB Inspector | GTB, www.gtbtechnologies.com | $20,000 | Consistent product able to block all protocols. | Limited in rule generation and protocol scanning; complex configuration. | 3 |
| Packetsure | Palisade, www.palisadesys.com | $30,000 | Helpful wizard, excellent real-time reporting graph. | Slowest in-line device; reporting is tedious and not very flexible. | 3.1 |

SCORECARD

| Action | Weight | Fidelis XPS | Content Inspector | Packetsure | GTB Inspector |
|---|---|---|---|---|---|
| Administration/ease of use | 35% | 4 | 4.5 | 2.5 | 2 |
| Features | 35% | 4 | 2.5 | 3 | 3 |
| Performance | 20% | 4 | 3.5 | 3.5 | 4 |
| Installation | 10% | 3 | 4 | 4 | 3 |
| Total score | | 3.9 | 3.4 | 3.1 | 3 |

SCORING KEY: 5: EXCEPTIONAL; 4: VERY GOOD; 3: AVERAGE; 2: BELOW AVERAGE; 1: SUBPAR OR NOT AVAILABLE
Installation

Generally  DLP  vendors  deploy  engineers  to  the  customer  site  to 
set  up  and  configure  the  device,  but  we  decided  to  do  it  ourselves 
to  get  a  hands-on  understanding  of  how  the  product  works  from 
installation  through  reporting. 

For Packetsure and Content Inspector, the basic installation
was fairly straightforward and the products were set up with
little to no trouble. For Fidelis’ XPS and GTB Inspector, basic
installation was a little more difficult, requiring numerous contacts
— via e-mail and phone. But they eventually were set up
without the need for a technician to show up on-site.

After  each  product  was  set  up  and  could  pass  data  between 
the  simulated  LAN  and  WAN,  we  configured  the  device  to  our 
filtering  specifications.  This  included  a  sample  set  of  10  rules. 

The  DLPs  were  set  up  to  look  for  Social  Security  and  credit 
card  numbers,  certain  pieces  of  source  code,  and  five  words  in  a 
row  from  a  short  story,  which  would  be  used  to  prevent  any  part 
of  a  specific  report  from  leaving  the  network. 

We also set up rules to check for maximum file sizes or .mp3
files. And we fingerprinted a data set containing a list of customer
names, addresses and Social Security numbers and set
up a rule blocking any combination of the three.

Configuration:  Code  Green  is  tops 

Code Green’s Content Inspector was the easiest product to
configure and write rules for. The rule language is simple and
the graphical interface is very usable. Code Green breaks rule
creation down into two categories: data and policy. One defines
data to be blocked using a variety of tools, and then configures a
policy to check for it. This was very straightforward and easy to
change, with no need to restart the device or reload the settings.
In the configuration simplicity arena, Code Green goes above
and beyond the other products.

Fidelis’ XPS sensor has a “command post” server to handle
management and configuration, a mail sensor server (provided
via built-in Postfix SMTP proxy), and a Web sensor (implemented
via a third-party BlueCoat Web proxy appliance).

Rule  creation  is  straightforward  and  simple  using  a  Web 
GUI.  XPS  is  the  only  product  that  lets  you  submit  sample  files 
in  order  to  test  each  rule  before  you  make  it  live. 

If you ever have a question about a specific rule or a page you
are on, Fidelis has built-in help links on each page that explain
each check box or button. This allowed us to create the majority
of the rules without any technical support contacts.

Palisade’s  Packetsure  provided  a  simple  wizard  to  assist  with 
setup  and  was  the  only  product  to  have  such  a  helpful  starting 
point.  However,  if  one  wants  to  add  or  change  a  rule  outside  of 
the  wizard,  the  sailing  is  not  quite  so  smooth. 

Part of the problem may be that Packetsure is really two products
trying to work together as one: there is a content analysis
engine and a protocol analysis engine. The Palisade protocol
analyzer only inspects the packet payload (instead of reassembling
the data stream as the content analysis does). This two-pronged
approach helps isolate each rule, but it makes managing
the product difficult.

Also, in our testing the rules did not always work as expected.
For example, one “content analysis checkbox” means packet
analysis and another content analysis checkbox actually reassembles
the data stream before it analyzes it (similar to all the
other products).

Packetsure seems to have a “phone home” functionality
enabled out of the box. After turning on the device, it immediately
attempted to connect to a remote Citrix server (to assist
with setup). For a vendor that is providing a device to rein in
data leakage, this seems an odd default setting, but it could be a
useful tool for optional troubleshooting.


Product summaries

Fidelis XPS: Overall winner

Fidelis XPS was the most developed product in overall features, general
flexibility and its ability to block.

It has a “command post” server to handle management and configuration,
a mail sensor server (provided via built-in Postfix SMTP proxy) and a Web
sensor (implemented via a third-party BlueCoat Web proxy appliance).

Installation isn't simple, but it didn’t take more than a few hours to get XPS
set up and running. The built-in help links are very useful when writing rules
and the XPS includes the ability to test rules that you write. The XPS does a
great job of remaining flexible across all protocols yet still maintaining the
ability to block on these protocols. The management interface lets you easily
create rules and see reports.

This product was the fastest we tested, blocking 80% of harmful files,
while only taking a 10% performance hit. If you are looking for a product
to block a variety of protocols and applications, in addition to the standard
HTTP and SMTP, look no further.

Palisade’s Packetsure: Two products in one

Palisade's Packetsure product seems to contain two products in one: a
protocol analyzer and a content analyzer. Packetsure had a high detection
rate, but the slowest speed, performing at 50% of maximum bandwidth. This
product has some interesting features, such as the ability to help set up the
product via a VPN and a useful graph showing data passing in and out of the
network.

Installation was simple and straightforward, accomplished in less than an
hour. The initial setup was assisted greatly by the use of a wizard. However,
altering rules after using the wizard is bothersome and reporting is more
difficult and clunky than it could be.

Code Green’s Content Inspector: Tops in detection

Content Inspector was the best product tested when it comes to detecting
data leakage. However, because it can only block a few protocols, the
detection is not well used.

Installation was very simple and configuration was easy to understand
without reading any manuals. This is the only product that allowed every
rule to be implemented. This product was able to detect 90% of the data we
threw at it, which is almost double some of the other competitors. The 10%
it missed was because of lack of support for encrypted traffic streams (SSH
sessions), which no product supports.

However, it can only block files on four of the tested protocols: HTTP,
HTTPS, FTP and SMTP, three of which are done using a third-party BlueCoat
Proxy device and the last is done using a built-in mail relay. When using
one of these methods, this product was flawless, blocking every file it could
detect. However, this lack of blocking ability across a wide variety of
protocols was the largest drawback in Code Green’s Content Inspector.

GTB Inspector: Consistently solid

GTB’s Inspector is a very consistent product but is limited in rule generation.
Installation was a headache, taking nearly eight hours to set up. However,
after the product was set up and configured it was extremely consistent.

What it detected and blocked on one protocol it detected and blocked on
every protocol it supported.

The problem was that it was only able to check based on certain rules
and those rules were limited. About half of our detection tests failed on this
product because the rule types are not supported. However, even with its
lack of rule support, it still caught 62% of the illegal files. Across supported
protocols, this was the only product to score a 100%, catching every file we
could send through the machine at the 80% network bandwidth it allowed.

Another redeeming quality is that GTB’s Inspector has a very powerful and
robust fingerprinting ability that allows all sorts of customization.

GTB’s  Inspector  has  the  most  difficult  configuration  process  of  the  four 
products.  In  order  to  write  a  rule,  one  must  edit  a  text  configuration  file, 
add  some  regular  expressions  and  format  each  line  very  specifically.  For 
example,  in  order  to  write  a  rule  to  check  for  the  words  “Top  Secret”  in  a 
file,  a  regular  expression  had  to  be  written  in  a  large  text  box  on  the  Web 
management  interface. 

There  is  no  wizard  or  graphical  interface.  The  other  limiting  factor 
with  GTB’s  Inspector  is  its  very  minimal  rule-set  functionality.  In  our 
test  it  could  only  implement  about  half  of  the  desired  rules.  Even  a  simple 
rule  such  as  looking  for  specific  file  names  or  maximum  file  size  was  not 
supported. 

Performance:  Fidelis  is  fastest;  Code  Green  wins  detection  test 

We tested how accurately the product blocked a total of 276 harmful files
that we sent, or roughly 30 files for each of the nine protocols (including
HTTP, SMTP, POP, IMAP, FTP and Telnet) in our test bed. We also measured
how fast the product could pass data through the device, starting
with a baseline of 581Mbps, which is the capacity of our network.

The  best  performance  from  a  detection  perspective  was  Code  Green’s 
Content  Inspector,  which  detected  90%  of  the  data  we  threw  at  it.  And  the 
10%  that  it  missed  was  because  of  the  lack  of  support  for  encrypted  traffic 
streams  (SSH  sessions),  which  no  product  supports. 

However,  it  can  only  block  files  on  four  of  the  tested  protocols:  HTTP, 
Secure-HTTP,  FTP  and  SMTP.  The  first  three  are  done  using  a  third-party 
BlueCoat  Proxy  device  and  the  SMTP  is  done  using  a  built-in  mail  relay. 

This  lack  of  blocking  ability  across  a  wide  variety  of  protocols  was  the 
major  drawback  in  Content  Inspector.  But  if  your  company  is  only  worried 
about  those  four  protocols,  this  product  would  be  recommended. 

Fidelis’  XPS  had  an  84%  success  rate  in  detecting  and  blocking  across  all 
protocols  and  streams  of  data.  The  marketing  line  for  this  company  states 
that  they  can  block  data  on  all  65,535  ports  and  we  would  have  to  agree. 
This  product  blocked  virtually  everything  it  could  detect,  only  failing  on 
one  file  type  —  an  archived  Web  site. 

The  product  handled  obfuscated  data  very  well  —  catching  four  of  five 
files.  POP  and  IMAP  provided  a  little  bit  of  trouble,  but  after  a  few  custom 
patches  from  the  engineers,  it  worked  as  expected. 

The  choice  faced  by  all  these  products  is  a  tradeoff  between  performance 
and  blocking  effectiveness.  When  data  moves  through  a  DLP  device,  the 
product  can  choose  to  either  cache  it,  determine  that  it’s  good  and  then  let 
it  out,  or  try  to  analyze  on  the  fly  and  suffer  some  data  leakage. 
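
The two design choices discussed in this review, matching each packet payload in isolation versus reassembling the stream, and releasing data on the fly versus caching it until it is judged clean, can be compared in a few lines. This is an added Python example, not code from any of the tested products; the payload, the segment size and all function names are constructed for illustration.

```python
import re

SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")

# Constructed upload body (area number 000 is never issued as an SSN).
PAYLOAD = b"name=Jane Q Sample; ssn=000-12-3456; dept=payroll"
MSS = 28  # assumed segment size, chosen so the number straddles two segments


def segment(data, mss):
    """Split a byte stream by size only, the way ordinary TCP segmentation does."""
    return [data[i:i + mss] for i in range(0, len(data), mss)]


def per_packet(segments):
    """Match each payload in isolation (no reassembly); drop only matching packets."""
    forwarded = [s for s in segments if not SSN_RE.search(s)]
    return b"".join(forwarded), len(forwarded) != len(segments)


def on_the_fly(segments):
    """Reassemble, but release each segment once the stream so far looks clean."""
    seen, forwarded = b"", b""
    for seg in segments:
        # A real sensor would keep a bounded overlap window, not the whole stream.
        seen += seg
        if SSN_RE.search(seen):
            return forwarded, True  # flow is cut here; earlier segments already left
        forwarded += seg
    return forwarded, False


def cache_then_release(segments):
    """Hold the whole object, inspect it once, then release or drop it."""
    stream = b"".join(segments)
    return (b"", True) if SSN_RE.search(stream) else (stream, False)


def compare(segments):
    """Return {mode: (bytes that left the network, detected?)}."""
    modes = {"per_packet": per_packet, "on_the_fly": on_the_fly,
             "cache_then_release": cache_then_release}
    results = {}
    for name, mode in modes.items():
        out, hit = mode(segments)
        results[name] = (len(out), hit)
    return results


if __name__ == "__main__":
    for name, (leaked, hit) in compare(segment(PAYLOAD, MSS)).items():
        print(f"{name:20s} leaked={leaked:2d} bytes detected={hit}")
```

On this input the per-packet matcher passes all 49 bytes without an alert, the on-the-fly inspector detects the number but has already released the first 28 bytes, and the caching inspector releases nothing at the cost of holding the whole object.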

Fidelis  chose  performance  and  won  our  speed  test,  passing  traffic  at  90% 
of  network  capacity.  However,  occasionally  pieces  of  sensitive  data  leaked 
from  the  network.  All  the  other  products  chose  to  prioritize  blocking. 

Palisade’s  Packetsure  is  targeted  at  the  basic  protocols  of  HTTP,  SMTP 
and  FTP,  and  showed  a  high  blocking  rate  on  those  specific  protocols.  But 
Packetsure,  possibly  because  it  seems  to  contain  two  products  in  one,  was 
the  slowest  product,  performing  at  55%  of  the  allowable  bandwidth. 

Furthermore, blocking a specific protocol and scanning based on content
analysis work as expected, but when you combine the two, problems
emerge, creating unexpected results. For example, when you try to limit
content analysis to a certain protocol, you have to choose between using
a weaker content analysis system (which won’t reassemble the stream)
or not limit your blocking based on protocols. The latter is the best way
to handle this problem, but doing so reduces the flexibility and blocking
capability of the product.

GTB’s  Inspector  was  the  most  consistent  product.  What  it  detected  and 
blocked  on  one  protocol  it  detected  and  blocked  on  every  protocol  with  no 
extra  work.  The  problem  with  this  product  was  it  only  could  check  based 
on  certain  rules  and  those  rules  were  limited.  About  half  of  our  detection 
tests  failed  because  the  rule  types  are  not  supported.  However,  even  with 
its  lack  of  rule  support,  it  still  caught  62%  of  the  illegal  files. 

Across  supported  protocols,  Inspector  was  the  only  product  to  score  a 
100%,  catching  every  file  we  could  send  through  the  machine  at  80%  of 
the  allowed  bandwidth. 


Fingerprinting:  GTB  Inspector  gets  high  marks 

Fingerprinting  is  a  concept  that  is  implemented  fairly  well  in  these  DLP 
products.  Fingerprinting  will  hash  a  file  and  look  for  parts  of  that  file 
leaving  the  network. 

Fingerprinting  is  used  to  prevent  sensitive  information  from  leaving 
a  network  and  at  the  same  time  to  reduce  false  positives.  For  example, 
most  organizations  want  to  prevent  Social  Security  numbers  from 
leaving  local  networks.  However,  a  lot  of  things  can  look  like  a  Social 
Security  number  (such  as  a  mistyped  phone  number  or  an  online  order 
number). 

Fingerprinting takes any sensitive information you may have on your
network and looks for a number of pieces that specifically correspond
with it, to make it a piece of information that you don’t want erroneously
leaving your network.

One  could  fingerprint  a  list  of  names,  addresses  and  Social  Security 
numbers  and,  instead  of  triggering  on  any  nine-digit  number,  the  DLP 
will  only  trigger  when  a  Social  Security  number  is  sent  out  with  the 
associated  full  name.  Or,  instead  of  looking  for  a  specific  word  phrase, 
it  can  look  for  a  few  sentences  from  a  report. 
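
The two kinds of fingerprint described above, as an added Python example (not code from any of the tested products): a Social Security number triggers only when it is a fingerprinted one and its owner's name travels with it, and a message triggers when it carries any five consecutive words of a protected report. The records, report text, HMAC key, name-length limit and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# SSN-shaped pattern: on its own it also fires on order numbers and mistyped phones.
SSN_RE = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")
WORD_RE = re.compile(r"[a-z0-9']+")
SHINGLE = 5          # "five words in a row", as in the review's rule set
MAX_NAME_WORDS = 4   # assumption: protected names are at most four words long
KEY = b"constructed-demo-key"  # keyed digests: bare hashes of 9-digit numbers are guessable

# Constructed sample data (not from the test bed). Area number 000 is never issued.
RECORDS = [("Jane Q Sample", "000-12-3456"), ("Raj Placeholder", "000-98-7654")]
REPORT = ("The quarterly forecast assumes that churn falls below four percent "
          "by the third quarter, driven by the new retention program.")


def _digest(text):
    # Only digests are stored, so the index does not hold clear-text records.
    return hmac.new(KEY, text.encode("utf-8"), hashlib.sha256).hexdigest()


def _words(text):
    return WORD_RE.findall(text.lower())


def _ngrams(words, n):
    return [" ".join(words[i:i + n]) for i in range(len(words) - n + 1)]


def fingerprint_records(records):
    """Index: digest(SSN digits) -> digests of the names that belong to it."""
    index = {}
    for name, ssn in records:
        digits = re.sub(r"\D", "", ssn)
        index.setdefault(_digest(digits), set()).add(_digest(" ".join(_words(name))))
    return index


def fingerprint_document(text):
    """Digest every run of SHINGLE consecutive words in a protected document."""
    return {_digest(s) for s in _ngrams(_words(text), SHINGLE)}


def inspect(outbound, record_index, doc_prints):
    """Classify one outbound message against both fingerprint sets."""
    words = _words(outbound)
    name_digests = {_digest(g) for n in range(1, MAX_NAME_WORDS + 1)
                    for g in _ngrams(words, n)}
    result = {"pattern_only": [], "record_match": [], "document_match": False}
    for m in SSN_RE.finditer(outbound):
        owners = record_index.get(_digest("".join(m.groups())), set())
        # Trigger only when the number is a protected one AND its owner's name
        # is in the same message; anything else is a nine-digit look-alike.
        key = "record_match" if owners & name_digests else "pattern_only"
        result[key].append(m.group(0))
    result["document_match"] = any(_digest(s) in doc_prints
                                   for s in _ngrams(words, SHINGLE))
    return result


RECORD_INDEX = fingerprint_records(RECORDS)
DOC_PRINTS = fingerprint_document(REPORT)

if __name__ == "__main__":
    for msg in ("Your order number is 900-11-2233, thanks.",
                "Payroll fix: Jane Q Sample, SSN 000-12-3456",
                "fyi: forecast ASSUMES that churn falls below four percent"):
        print(inspect(msg, RECORD_INDEX, DOC_PRINTS))
```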

All  of  the  tested  products  support  this  feature,  but  GTB  Inspector  is 
the  most  powerful  and  flexible  —  customers  can  fingerprint  data  from 
a  variety  of  flat  files,  databases  or  spreadsheets. 

That power and flexibility, however, comes at the cost of simplicity.
GTB has its own program that one must use to fingerprint data, as
opposed to other products that let an administrator upload and fingerprint
a file from the main management interface.

Palisade’s  Packetsure  could  set  up  fingerprinting,  but  only  using  flat 
files.  Fidelis’  XPS  included  the  ability  to  test  your  fingerprints  once  you 
created  them. 

Code  Green’s  Content  Inspector  could  fingerprint  all  sorts  of  data 
and  let  us  set  up  scenarios  on  when  this  data  would  trigger  an  alert. 
For  example,  if  you  fingerprinted  names,  addresses  and  Social  Security 
numbers,  you  could  say  “alert  me  when  you  see  two  Social  Security 
numbers  and  one  has  a  matching  name.”  No  other  product  had  as  much 
granularity  and  yet  remained  simple  to  use. 

Reporting:  Code  Green,  Fidelis  are  tops 

One  of  the  most  useful  parts  of  a  DLP  product  is  its  reporting  feature. 
For  an  administrator,  knowing  what  a  product  is  seeing  and  blocking 
is  extremely  useful. 

Code Green’s Content Inspector and Fidelis’ XPS have the best
reporting systems. Both do a great job of allowing flexibility, ease of
use, exporting capabilities and meaningful graphs to help make this
data easy to digest. Plus, Content Inspector allows for simple integration
into many alert software applications (such as Crystal Reports) or
even custom applications.

Palisade’s  Packetsure  tries  to  implement  the  functionality  needed 
in  report  generation,  but  doesn’t  quite  get  there.  The  interface  seems 
very  clunky  and  there  is  an  annoying  wait  of  3  to  5  seconds  whenever 
you  want  to  generate  a  report.  However,  Packetsure  has  a  very  useful 
protocol  graphing  tool  that  lets  you  see,  in  real  time,  what  kind  of  traffic 
is  moving  across  your  perimeter.  It  would  be  nice  if  this  was  tied  to  the 
blocking  feature  in  some  way,  but  it’s  not. 

GTB’s Inspector lagged behind the competition in terms of reporting.
It provided acceptable, straightforward reports and even included
the ability to generate graphs to help interpret the data. It doesn’t miss
the mark on reporting: it just wasn’t nearly as impressive as the other
three products. ■

Evans manages the Internet-Scale Event and Attack Generation Environment
(ISEAGE) at Iowa State University. He can be reached at nate-
evans@me.com. Blakely is a concurrent graduate student in Information
Assurance at the Iowa State University of Science and Technology.
He works as a research assistant at ISEAGE. He can be reached at
bablakely@gmail.com.
NETINSIDER BY SCOTT BRADNER

Amazon  fails  to  remember  the  physical 


THIS  COLUMN  IS  not  really  about  Amazon 
violating  its  own  terms  of  service  by  deleting 
e-books  that  its  Kindle  customers  had  purchased. 
Most  commentators  are  painting  Amazon’s  actions  as  some  sort  of  isolated 
brain  fart,  but  I  think  it’s  not  actually  an  Amazon-specific  problem. 

Some background: The Amazon terms of use say that the company
grants Kindle users “the non-exclusive right to keep a permanent copy” of
the e-books they purchase. The terms do not let
you resell the e-books and limit their use to the
individual who bought them. The terms say that
Amazon can revoke access to an e-book without
notice if you violate the terms but nowhere do the
terms of use say that Amazon can delete e-books
after you buy them. In spite of this, Amazon did
delete e-books for what is arguably a good reason
— it did not have the right to sell the e-books in the first place.

The underlying issue here is that Amazon, among many others, sees the
rules for digital as different than those for other things. It would never have
crossed Amazon’s collective mind to grab a physical book from you if the
company had shipped you one that it did not have the right to sell. But,
maybe because it could, Amazon just did what it has the ability to do without
thinking to see if the ability to do something automatically meant that
it was the right thing to do.

Amazon is not alone in confusing the ability to do something with the
idea that it is the right thing to do. It would be inconceivable that the U.S.
Post Office would be required to make and save a record of who sent and
received every letter it handled. Yet, just because it can be done, a number
of law enforcement officials have called for laws that require ISPs to do
just that with e-mail.

It is rare indeed that buying something digital operates under the same
rules as buying something physical. Amazon’s own terms of use is a perfect
example. If you buy an e-book from Amazon it is not really yours. That
is, you are not allowed to sell it, loan it [to] a friend, donate it to a library or
just about anything else that one can do with a physical book. The laws
permitting this type of very limited ownership may be changing.

Maybe  there  is  a  future  where  you  can  buy 
something  digital  and  treat  it  as  if  you  actually 
owned  it. 

That  future  would  have  to  have  a  way  to  deal 
with  the  fact  that  making  copies  of  digital  things 
is  a  lot  easier  to  do  and  harder  to  track  than 
making  copies  of  physical  things.  That  does  not,  however,  mean  that  it  is 
impossible. 

It  would  be  nice  if  the  ability  to  do  something  in  the  digital  world,  such 
as  limiting  utility  or  invading  privacy,  was  not  taken  as  a  mandate  to  do 
that  thing.  But  I’m  not  holding  my  breath. 

Disclaimer: The confusion between having the ability to do something and
having the authority to do it is a common theme in ethics classes in places
like Harvard but I have not seen a university opinion on this confusion
when it comes to the digital world, so the above is my own ramble. ■

Bradner  is  Harvard  University's  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 




EYEONTHECARRIERS  BY  JOHNA  TILL  JOHNSON 

A  look  at  cloud  computing’s  dark  lining 


UNLESS YOU’VE BEEN living in a cave all summer
like one of my friends (it’s in Finland, he’s an
artistic genius) you’ve probably heard the buzz
about cloud computing.

Like most technologies at the “hype” life-cycle stage, cloud computing
can apparently do no wrong — it’s the cure for expensive infrastructure
ownership, lack of business agility and spending overruns. The ability
to purchase computing cycles and storage space on demand is perennially
attractive — which is why such services have been available since the
1960s, and continue to pique interest today. Although just 20% of the IT
pros I’m working with say they’re considering cloud computing, many are
interested in exploring its benefits (63% of the folks who have a single data
center say they’re interested in exploring cloud computing).

But  for  network  managers,  cloud  computing  comes  with  a  hidden 
risk:  network  dependency.  The  two  big  issues  are  the  cost  and  quality 
of  the  network  infrastructure  required  to  gain  access  to  the  computing 
cloud. 

Let’s start with cost. Moving data and computing cycles away from the
user means increasing the bandwidth between users and data. In itself,
that’s no biggie — most companies have been steadily increasing bandwidth
as they consolidate data centers and as user populations become
increasingly dispersed. However, most cloud computing initiatives are
in addition to — not instead of — existing data centers. That means
network managers may not have explicitly budgeted the increase in
bandwidth to the cloud (even though they’ve planned for capacity upgrades
to the data center). In other words, deployment of cloud computing may
increase network costs above what’s already been planned for.

The  solution  here’s  obvious:  network  managers  need  to  stay  on  top  of 
cloud  computing  plans,  and  make  sure  they’re  in  the  loop  for  capacity 
planning. 

One tricky bit: many cloud offerings rely on the Internet for bandwidth
— and many companies haven’t been budgeting for rapid bandwidth
increases in Internet connectivity. That brings us to the second issue:
network quality. Overall, the quality of Internet services continues to improve,
to the point where most users simply assume the Internet will continue
to work. But as applications become more multimedia- and
bandwidth-intensive, that assumption will be increasingly risky. Users are
increasingly experiencing “brownouts” at certain times of day, so telecommuters
can expect spotty application performance. And even for folks relying on
business Internet services, QoS will become key.

That’s why many of the major carriers (including AT&T, BT and Verizon)
are offering cloud computing services bundled with MPLS-based
network services. That works if the user base is connected to the MPLS
cloud — but if it’s not, network managers may want to consider deploying
branch optimization products in remote offices.

In short, cloud computing may be an ideal way for companies computing
cycles, but they need to brace for the network impact.

As for my artist friend in the cave, I hear he’s doing something way-cool
with LEDs. Maybe there’s something to the post-modern troglodyte
lifestyle! ■

Johnson is president and senior founding partner at Nemertes Research, an
independent technology research firm. She can be reached at
johna@nemertes.com.
■ Microsoft, from page 1

Jeffrey  Hammond,  an  analyst  with  Forrester 
Research.  “That  is  a  sign  of  the  opportunity  they 
see  here.” 

Microsoft’s open source virtualization device
drivers offer performance and storage enhancements
to any distribution of Linux running on
top of Microsoft’s hypervisor — Hyper-V.

But lest anyone believe Microsoft is somehow
completely transitioning to an open source way
of thinking, there is more evidence to consider.

The company’s Linux kernel submission,
which was followed a day later with a second
open source contribution using GPLv2, is contrasted
by the company signing just a week earlier
yet another cross-patent licensing deal, this
time with Melco Holdings.

Such deals, which Microsoft began signing
in 2006 starting with Novell, protect partners
against lawsuits over 235 patents Microsoft
claims it holds on technology found in Linux.
Partners pay Microsoft royalties and customers
get indemnification, an intellectual property
mindset that is the polar opposite of open
source.

Bottom line: Microsoft’s kernel submission
points to positives for both Linux and
Windows.

Linux gets a boost

Linux benefits from the fact that the code contribution
validates the open source development
model and the GPLv2 licensing model used
throughout the kernel.

“Microsoft  is  publicly  stating  that  GPLv2  is  a 
valid  development  license  and  something  that 
is  acceptable  for  contributing  code ...  that  makes 
me  very  happy,”  says  Greg  Kroah-Hartman,  the 
Linux  driver  project  lead  and  a  Novell  fellow. 

In  the  past,  Microsoft  has  said  the  GPL  poses 
a  threat  to  the  intellectual  property  (IP)  of  any 
company  that  uses  it,  that  GPL  is  a  cancer  that 
attaches  itself  to  IP,  and  that  the  license  equates 
to  anti-capitalism. 

Beyond validating GPLv2, the code submission
could motivate those that have not yet
embraced Linux development.

“All  remaining  holdouts  will  have  to  change 
their  ways,”  says  Jim  Zemlin,  executive  director 
of  the  Linux  Foundation. 

The Microsoft code consists of four drivers
that are part of a technology called Linux Device
Driver for Virtualization, which was first introduced
as the Linux Integration Components
for supporting Novell’s SUSE Linux and Red
Hat’s Enterprise Linux on Hyper-V. The ongoing
maintenance of those drivers will be done
by Microsoft, making it an active member in the
Linux community.

Sam Ramji, who runs the Open Source Software
Lab for Microsoft and is the company’s
director of open source technology strategy, says
the code is available to any Linux distribution,
commercial or otherwise, without requiring any
relationship with Microsoft.

Those are words Ramji needed to say to the
Linux faithful who more often than not think
Microsoft has something up its sleeve, including
those last week who were already screaming
online, “It’s a trick!”

But  while  Ramji  has  become  a  credible  and 
trusted  liaison  to  the  Linux  community,  his  most 
important  Microsoft-centric  trait  is  that  “he  is 
savvy  about  how  Microsoft  needs  to  go  about 
competing  in  today’s  world,”  says  Gordon  Haff, 
an  analyst  with  Illuminata. 

And  in  that  regard,  Microsoft’s  nod  to  Linux 
last  week  could  have  many  ramifications  for  the 
vendor’s  future. 

“It  is  safe  to  say  that  getting  in  Linux  and 
broadening  support  for  Linux  definitely  has  to 
be  a  key  part  of  their  virtualization  and  cloud 
strategy,”  says  Chris  Wolf,  an  analyst  with  the 
Burton  Group. 

On the cloud side, Microsoft’s kernel drivers
give the company’s emerging cloud infrastructure
the ability to support any Linux distribution
with consistent performance and storage
capabilities, much the same way Amazon EC2
provides multiple platform support.

On the virtualization side, Wolf says new alliances
are rungs on the competitive ladder.

“If you are looking at the [virtualization] market
in terms of vendor alignment Microsoft has
been closely aligned with all the major Xen vendors;
their virtual disk format is fully compatible
across the Xen and KVM communities, as
well as Microsoft hypervisors; and so you have
this community of vendors not named VMware
rallying with this interoperability story against
VMware,” Wolf says.

There is other evidence of Microsoft’s strategic
tip-toeing in the fact that the code submitted
via GPLv2 licenses is not intertwined with other
Microsoft code, which makes dabbling with the
GPLv2 license more strategy than risk.

The  Linux  device  drivers  are  a  stand-alone 
piece  of  code  as  is  the  plug-in  Microsoft  made 
available  via  GPLv2  last  week  to  link  Microsoft 
Live@edu  collaboration  tools  with  the  open 
source  course  management  Moodle  platform. 

“This is self-contained code that Microsoft
was able to put in the community’s lap,” IDC’s
Gillen says.

“All  of  this  represents  an  investment,”  he  says. 
“That  is  what  Sam  Ramji’s  charge  is  all  about. 
He  has  to  develop  strategy  and  a  product  plan  to 
try  and  make  sure  Microsoft  can  leverage  open 
source  where  it  makes  sense  and  interoperate 
where  it  makes  sense  and  where  it  is  a  positive 
for  Microsoft.  If  there  was  no  positive  here  for 
Microsoft,  they  would  not  be  doing  this.”  ■ 


“We see more opportunity to work together and
grow open source on the Microsoft platform.”


SAM  RAMJI,  DIRECTOR  OF  OPEN  SOURCE  TECHNOLOGY  STRATEGY,  MICROSOFT 


Microsoft/Linux milestones

1998

Internal Microsoft “Halloween memos” attacking Linux leak out.

1998

May — Craig Mundie, Microsoft senior vice president, says the open source
GPL licensing structure poses a threat to the intellectual property of any
organization making use of it.

June — CEO Steve Ballmer one-ups Mundie, calling Linux a “cancer that
attaches itself in an intellectual property sense to everything it touches.
That’s the way that the license works.”

2002

May — Then-Microsoft chairman Bill Gates equates the GPL to
anti-capitalism at a Government Leaders' Conference in Seattle.

2003

Microsoft begins its Get the Facts campaign extolling virtues of
Windows over Linux. The campaign is disbanded in 2007.

2004

November — Ballmer says Windows provides better intellectual
property indemnification than its open source rivals.

2006

March — Microsoft opens Port 25, which is billed as an open
source community at Microsoft.

November — Microsoft and Novell enter business and technology partnership
to provide integration between Linux and Windows, including a joint
interoperability lab in Cambridge, Mass.

2007

May — Microsoft claims Linux and open source
violates 235 of its patents.

2008

July — Microsoft makes $100,000 investment in Apache Foundation
to become one of only three Platinum sponsors of the Apache Foundation
(Yahoo and Google are the others).

2009

July — Microsoft submits device driver source code for inclusion in the
Linux kernel under a GPLv2 license.


www.networkworld.com  JULY  20  -  27, 2009  31 



International  Data  Group 

CHAIRMAN  OF  THE  BOARD:  Patrick  J.  McGovern 

IDG  Communications,  Inc. 

CEO:  Bob  Carrigan 

Network  World  is  a  publication  of  IDG,  the  world's 
largest  publisher  of  computer-related  information  and 
the  leading  global  provider  of  information  services 
on  information  technology.  IDG  publishes  over  300 
computer  publications  in  85  countries.  One  hundred 
million  people  read  one  or  more  IDG  publications 
each  month.  Network  World  contributes  to  the  IDG 
News  Service,  offering  the  latest  on  domestic  and 
international  computer  news. 




Periodical  postage  paid  at  Framingham,  Mass.,  and  additional  mailing  offices.  Posted  under  Canadian  International 
Publication  agreement  #PM40063731.  Network  World  (ISSN  0887-7661)  is  published  weekly,  except  for  a  combo 
issue  in  November  and  the  last  week  and  first  week  in  each  of  the  following  months:  Dec. /Jan.,  March/April,  May/ 
June,  June/July  and  Aug./Sept,  by  Network  World,  Inc.,  492  Old  Connecticut  Path,  Framingham,  MA  01701-9002. 
Network  World  is  distributed  free  of  charge  in  the  U.S.  to  qualified  management  or  professionals.  To  apply  for  a 
free  subscription,  go  to  www.subscribenw.com  or  write  Network  World  at  the  address  below.  No  subscriptions 
accepted  without  complete  identification  of  subscriber’s  name,  job  function,  company  or  organization.  Based  on  the 
information  supplied,  the  publisher  reserves  the  right  to  reject  non-qualified  requests.  Subscriptions:  1-877-701-2228. 
Nonqualified  subscribers:  $5.00  a  copy;  U.S.  -  $129  a  year;  Canada  -  $160.50  (including  7%  GST,  GST#126659952); 
Central  &  South  America  -  $150  a  year  (surface  mail);  all  other  countries  -  $300  a  year  (airmail  service).  Four  weeks 
notice  is  required  for  change  of  address.  Allow  six  weeks  for  new  subscription  service  to  begin.  Please  include  mailing 
label  from  front  cover  of  the  publication.  Network  World  can  be  purchased  on  35mm  microfilm  through  University 
Microfilm  Int.,  Periodical  Entry  Dept.,  300  Zebb  Road,  Ann  Arbor,  Mich.  48106.  PHOTOCOPYRIGHTS:  Permission  to 
photocopy  for  internal  or  personal  use  or  the  internal  or  personal  use  of  specific  clients  is  granted  by  Network  World, 
Inc,  for  libraries  and  other  users  registered  with  the  Copyright  Clearance  Center  (CCC),  provided  that  the  base  fee 
of  $3.00  per  copy  of  the  article,  plus  50  cents  per  page  is  paid  to  Copyright  Clearance  Center,  27  Congress  Street, 
Salem,  Mass.  01970.  POSTMASTER:  Send  Change  of  Address  to  Network  World,  P.O.  Box  3090,  Northbrook,  IL 
60065.  Canadian  Postmaster:  Please  return  undeliverable  copy  to  PO  Box  1632,  Windsor,  Ontario  N9A7C9.  Copyright 
2009  by  Network  World,  Inc.  All  rights  reserved.  Reproduction  of  material  appearing  in 
Network  World  is  forbidden  without  written  permission.  Reprints  (minimum  500  copies) 
and  permission  to  reprint  may  be  purchased  from  Reprint  Management  Services  at  (717) 
399-1900  xl28  or  networkworld@reprintbuyer.com.  USPS735-730 




BACKSPIN  BY  MARK  GIBBS 

Publish  and  be  damned!  Goodbye  ethics 


"Publish  and  be  damned!”  -  attributed  to  the  Duke 
of  Wellington  when  he  heard  that  a  courtesan  had 
threatened  to  publish  her  memoirs  and  his  letters. 


HAVE  YOU  EVER  received  e-mail  meant  for  someone  else?  With  the  huge 
migration  to  electronic  communications,  misdirected  documents  have 
become  commonplace  and,  as  many  have  found  out,  once  you  commit 
something  to  bits  rather  than  atoms  you  lose  control  of  the  content. 

Anyway,  if  you  have  received  documents  not  meant  for  you,  did  you  read 
them  and  learn  something  you  weren’t  meant  to  know?  And  here’s  the  big 
question:  what  did  you  do  about  it? 

Assuming  the  contents  were  private  and  personal  (as  in  “none  of  your  dang 
business”),  and  if  you  did  indeed  read  the  documents  and  there  was  nothing 
illegal  in  the  content,  then  surely  a  mature,  responsible  and  honorable  person 
would  simply  delete  the  e-mail  and  forget  about  the  contents.  Right? 

Let’s  also  say  you  know  other  people  also  erroneously  got  the  same 
messages.  Does  that  change  your  ethical  position  so  you  can  now  spill  the 
beans?  I  don’t  think  so. 

I bring this up because of a curious story that broke a few days ago. The
tale concerns the Twitter service and the TechCrunch blog and involves
some 300 documents belonging to Twitter. These documents were stolen
by a French hacker who broke into an e-mail account belonging to a Twitter
staff member.

The hacker was planning to make the messages public but first he sent
them to TechCrunch and this is where I think the story becomes unethical
and also gets rather odd: Michael Arrington, CEO of TechCrunch, immediately
blogged about getting the messages and wrote “We’ve spent most of
the evening reading these documents. The vast majority of them are somewhat
embarrassing to various individuals, but not otherwise interesting. ...
But we are going to release some of the documents showing financial
projections, product plans and notes from executive strategy meetings.”

Arrington added: “We’re also going to post the original pitch document
for the Twitter TV show that hit the news in May, mostly because it’s
awesome.” Awesome? Really? That’s how you justify publishing the contents
of a stolen private document?

Arrington  wrote  “it  certainly  was  unethical,  or  at  least  illegal  or  tortious, 
for  the  person  who  gave  us  the  information  and  violated  confidentiality 
and/or  nondisclosure  agreements.  But  on  our  end,  it’s  simply  news.” 

So, “simply news” was their justification for publishing the stolen documents?
With that nonsense TechCrunch crossed the line from ethical to
unethical and from real journalism (which TechCrunch does very well) to
gutter journalism (which no one should want to do at all).

This  kind  of  behavior  does  a  huge  discredit  to  the  world  of  journalism. 
This  wasn’t  Watergate.  No  one  had  done  anything  wrong,  and  just  because 
the  documents  TechCrunch  exposed  might  be  made  public  and  weren’t 
injurious  to  individuals,  that  isn’t  a  reasonable  justification  for  public 
disclosure. 

Now  for  the  weird  part:  Twitter’s  lawyers  and  TechCrunch  legal  counsel 
apparently  locked  horns  and  went  through  some  kind  of  negotiation  over 
what  should  and  should  not  be  published.  Arrington  wrote,  “We’ve  spent 
much  of  the  last  36  hours  talking  directly  to  Twitter  about  the  right  way  to 
go  about  doing  that.”  I  find  it  strange  that  there’s  a  “right  way”  to  act  badly. 

Perhaps  this  is  what  the  future  of  online  journalism  in  general  and  tech 
journalism  will  look  like.  Publish  and  be  damned  indeed.  ■ 

Gibbs may well be damned in Ventura, Calif. Absolve him at
backspin@gibbs.com.


NETBUZZ  BY  PAUL  McNAMARA 


Best  Buy  calls  Twitter  a  job  qualification 


TWITTER  SKEPTICS  WILL  find  the  idea  silly,  but 
it’s  not,  particularly  not  in  this  case. 

Of course Best Buy should be seeking Twitter
experience in a candidate for a senior manager’s position in “emerging
media.” Who would dream of landing such a job without first-hand
knowledge of the most-hyped emerging medium in recent memory?

But  that’s  not  to  say  the  company  was  going  about  measuring  Twitter 
savvy  in  the  right  manner.  Nor  does  it  answer  the  more  difficult  question 
of  who  among  us  needs  to  be  on  Twitter  for  the  sake  of  our  employers  and 
our  careers.  (It’s  a  question  we’re  grappling  with  at  Network  World.) 

Best Buy’s job posting was for a “Senior Manager - Emerging Media
Marketing” and listed basic qualifications of a bachelor’s degree, two-plus years
of marketing experience and a year of active blogging. Under “preferred”
qualifications were a graduate degree and 250-plus followers on Twitter.

Again,  I’d  want  any  candidate  for  such  a  job  to  be  an  active  blogger  and 
have  a  hand  in  Twitter.  However,  an  arbitrary  number  of  Twitter  followers 
will  not  separate  the  dabblers  from  the  more  meaningfully  experienced. 

Anyone  can  accumulate  followers  on  Twitter.  The  real  questions  are 
whether  you’re  actively  participating  and  realizing  any  tangible  benefits 
from  that  participation. 

Although I’m not interested in working for Best Buy, I do meet the
company’s Twitter threshold, having attracted 1,700 followers since taking the
plunge eight months ago. Yet I remain wholly unconvinced that everyone
needs to be on Twitter.

Yes for would-be senior managers of emerging media. Yes for technology
trade-press editors. No for CEOs. (A recent survey showed only two
Fortune 100 CEOs are on Twitter, and it seems to me they have more to explain
than the non-Tweeting 98.) Maybe for most everyone else.


As  for  you?  The  best  way  to  find  out  is  to  give  Twitter  a  shot.  It’s  free,  it 
can’t  hurt,  you  might  find  you  like  it ...  and  you  never  know  when  you  might 
need  a  job  at  Best  Buy. 

Why  would  Microsoft  patent  a  hinge? 

Not that I was losing sleep or anything, but the question in my blog
headline — “Why does the maker of Windows hold a patent on a door hinge?”
— had gone unanswered since Dec. 14, 2006. Now, thanks to the inventor’s
grandson, we are able to put this mystery to rest.

It’s  actually  called  a  “butt  hinge  with  integrally  formatted  butt  straps” 
and  it’s  on  file  in  the  U.S.  Patent  and  Trademark  Office  database:  Patent  No. 
5,819,372;  inventor:  Robert  D.  Magoon,  Duluth,  Ga.;  assignee:  Microsoft. 

Fast-forward  to  July  2009,  and  I  receive  an  e-mail  from  Rob  Roeder: 

“I am the grandson of Robert D. Magoon, subject of your article. After
finding this article on the Internet by chance, I asked him about it and he
gave me the lowdown on the whole story. ... The patent was originally (and
still is) owned by Kawneer Company. When the patent was originally made,
the patent office accidentally registered the ‘butt hinge with butt straps’ to
Microsoft instead of Kawneer. The error was quickly fixed.”

Incompetence,  not  intrigue.  I  should  have  guessed. 

But,  while  I  wouldn’t  dream  of  questioning  the  recall  of  Magoon  or  the 
veracity  of  his  grandson,  I  do  find  it  curious  that  a  decade  after  the  mistake 
there  remains  the  erroneous  document  posted  on  the  Internet. 

However,  a  search  on  the  company’s  Web  site  shows  that  Kawneer  does 
sell  butt  hinges. 

And  a  search  on  Microsoft.com  shows  that  Microsoft  does  not.  ■ 

Next?  The  address  is  buzz@nww.com. 